Audit Compliance Report SAMPLE
Version Control
DATE:
AUDITOR:
Classification: Confidential
| Information Security Management System Compliance | Controls Compliance |
| --- | --- |
| Compliant | Compliant |
| Observation | Observation |
| Minor Nonconformity | Minor Nonconformity |
| Major Nonconformity | Major Nonconformity |
| Not Audited | Not Audited |
| Number of Controls Not Audited in this report: 0 | Number of Controls Not Audited in this report: 0 |
[Company] : ISO 27001: 2013 Information Security Management System - Audit Sheet
The columns Evidence (Negative), Date Last Assessed, What needs to be put in place, Who will put it in place and Date it will be done contain no entries in this sample and are not shown.

| ISO 27001 Clause | Title / Control Objective | Evidence (Positive) | Rating | Evaluation Method |
| --- | --- | --- | --- | --- |
| | c) interfaces and dependencies between activities performed by the organisation, and those that are performed by other organisations. | Document: 3 Documented ISMS Scope documents the scope and the boundaries and was signed off by the Management Review Team | Compliant | Review of documents and records |
| 5 | Leadership | | | |
| | SAMPLE - DETAIL REMOVED | Document: Communication Plan sets out the communications for the year across media and approaches | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Document: IS 15 Continual Improvement Policy sets out the continual improvement policy. | Compliant | Review of documents and records |
| 6 | Planning | | | |
| | SAMPLE - DETAIL REMOVED | Documented in document: 1 The Information Security Managemen | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Documented in document: 1 The Information Security Managemen | Compliant | Review of documents and records |
| 6.2.1 | General | | | |
| | SAMPLE - DETAIL REMOVED | Documented in document: 1 The Information Security Managemen | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Documented in document: 1 The Information Security Managemen | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Documented in document: 1 The Information Security Managemen | Compliant | Review of documents and records |
| 7 | Support | | | |
| | SAMPLE - DETAIL REMOVED | Document: Competency Matrix captures the core competencies and training requirements of staff in relation to information security | Compliant | Review of documents and records |
| 7.5.1 | General | | | |
| | SAMPLE - DETAIL REMOVED | Documents stored and accessible appropriate to the organisation. | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Documents stored and accessible appropriate to the organisation. | Compliant | Review of documents and records |
| 7.5.3 | Control of documented information | | | |
| | SAMPLE - DETAIL REMOVED | Documents stored and accessible appropriate to the organisation. | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Documents stored and accessible appropriate to the organisation. | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Version control and document history in place. | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Documents retained and disposed in line with the Data Retention Policy. | Compliant | Review of documents and records |
| 8 | Operation | | | |
| 8.1 | Operational planning and control | | | |
| | SAMPLE - DETAIL REMOVED | Document: IS 13 Change Management Policy; Document: IS 14 Third Party Supplier Security Policy | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Document: ISMS Risk Register. There is a risk management process in place and documented. | Compliant | Review of documents and records |
| | SAMPLE - DETAIL REMOVED | Document: ISMS Risk Register | Compliant | Review of documents and records |
| 9 | Performance evaluation | | | |
| 10 | Improvement | | | |
| | SAMPLE - DETAIL REMOVED | A program of internal audit is conducted and document: Audit Plan sets out the audit plan for the year. | Compliant | Review of documents and records |

Compliant 114
Observation 0
Minor Nonconformity 0
Major Nonconformity 0
Not Audited 0
The columns Date Last Assessed, Evaluation Method, What needs to be put in place, Who will put it in place and Date it will be done contain no entries for any control in this sample and are not shown.

| ISO 27002 Clause | Title | Control Objective | SOC 1 General IT Control | Evidence (Positive) | Evidence (Negative) | Rating |
| --- | --- | --- | --- | --- | --- | --- |
| 5.1 | Management direction for information security | To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. | | | | |
| 6.1 | Internal organisation | Objective: To establish a management framework to initiate and control the implementation and operation of information security within the organisation. | | | | |
| 6.1.1 | Information security roles and responsibilities | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 6.1.2 | Segregation of duties | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 6.1.3 | Contact with authorities | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 6.1.4 | Contact with special interest groups | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 6.1.5 | Information security in project management | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 6.2 | Mobile devices and teleworking | Objective: To ensure the security of teleworking and use of mobile devices. | | | | |
| 6.2.1 | Mobile device policy | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 6.2.2 | Teleworking | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 7.1 | Prior to Employment | Objective: To ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered. | | | | |
| 7.1.1 | Screening | SAMPLE - DETAIL REMOVED | Control Environment | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 7.1.2 | Terms and conditions of employment | SAMPLE - DETAIL REMOVED | Control Environment | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 7.2 | During employment | Objective: To ensure that employees and contractors are aware of and fulfil their information security responsibilities. | | | | |
| 7.2.1 | Management responsibilities | SAMPLE - DETAIL REMOVED | Control Environment | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 7.2.2 | Information security awareness, education and training | SAMPLE - DETAIL REMOVED | Control Environment | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 7.2.3 | Disciplinary process | SAMPLE - DETAIL REMOVED | Control Environment | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 7.3 | Termination or change of employment | Objective: Does the organisation ensure that employees, contractors and third party users exit the organisation or change employment in an orderly manner? | | | | |
| 7.3.1 | Termination or change of employment responsibilities | SAMPLE - DETAIL REMOVED | Control Environment | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8 | Asset management | | | | | |
| 8.1 | Responsibility for assets | Objective: To identify organisational assets and define appropriate protection responsibilities. | | | | |
| 8.1.1 | Inventory of assets | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8.1.2 | Ownership of assets | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8.1.3 | Acceptable use of assets | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8.1.4 | Return of assets | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8.2 | Information classification | Objective: Does the organisation ensure that information receives an appropriate level of protection? | | | | |
| 8.2.1 | Classification of information | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8.2.2 | Labelling of information | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8.2.3 | Handling of assets | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8.3.1 | Management of removable media | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8.3.2 | Disposal of media | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 8.3.3 | Physical media transfer | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9 | Access control | | | | | |
| 9.1 | Business requirements for access control | Objective: To limit access to information and information processing facilities. | | | | |
| 9.1.1 | Access control policy | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.1.2 | Access to networks and network services | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.2 | User access management | Objective: To ensure authorised user access and to prevent unauthorised access to systems and services. | | | | |
| 9.2.1 | User registration and deregistration | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.2.2 | User access provisioning | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.2.3 | Management of privileged access rights | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.2.4 | Management of secret authentication information of users | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.2.5 | Review of user access rights | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.2.6 | Removal or adjustment of access rights | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.3 | User responsibilities | Objective: To make users accountable for safeguarding their authentication information. | | | | |
| 9.3.1 | Use of secret authentication information | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.4 | System and application access control | Objective: To prevent unauthorised access to systems and applications. | | | | |
| 9.4.1 | Information access restriction | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.4.2 | Secure logon procedures | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.4.3 | Password management system | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.4.4 | Use of privileged utility programs | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 9.4.5 | Access control to program source code | SAMPLE - DETAIL REMOVED | Information Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 10 | Cryptography | | | | | |
| 10.1 | Cryptographic controls | Objective: To ensure proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information. | | | | |
| 10.1.1 | Policy on the use of cryptographic controls | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 10.1.2 | Key management | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.1 | Secure areas | Objective: To prevent unauthorised physical access, damage and interference to the organisation’s information and information processing facilities. | | | | |
| 11.1.1 | Physical security perimeter | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.1.2 | Physical entry controls | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.1.3 | Securing offices, rooms and facilities | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.1.4 | Protecting against external and environmental threats | SAMPLE - DETAIL REMOVED | Environmental Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.1.5 | Working in secure areas | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.1.6 | Delivery and loading areas | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.2 | Equipment | Objective: To prevent loss, damage, theft or compromise of assets and interruption to the organisation’s operations. | | | | |
| 11.2.1 | Equipment siting and protection | SAMPLE - DETAIL REMOVED | Physical Security, Environmental Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.2.2 | Supporting utilities | SAMPLE - DETAIL REMOVED | Environmental Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.2.3 | Cabling security | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.2.4 | Equipment maintenance | SAMPLE - DETAIL REMOVED | Environmental Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.2.5 | Removal of assets | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.2.6 | Security of equipment and assets off premises | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.2.7 | Secure disposal or reuse of equipment | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.2.8 | Unattended user equipment | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 11.2.9 | Clear desk and clear screen policy | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12 | Operations security | | | | | |
| 12.1.1 | Documented operating procedures | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.1.2 | Change management | SAMPLE - DETAIL REMOVED | Change Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.1.3 | Capacity management | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.2 | Protection from malware | Objective: To ensure that information and information processing facilities are protected against malware. | | | | |
| 12.2.1 | Controls against malware | SAMPLE - DETAIL REMOVED | Physical Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.4 | Logging and monitoring | Objective: To record events and generate evidence. | | | | |
| 12.4.1 | Event logging | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.4.2 | Protection of log information | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.4.3 | Administrator and operator logs | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.4.4 | Clock synchronisation | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.5 | Control of operational software | Objective: To ensure the integrity of operational systems. | | | | |
| 12.5.1 | Installation of software on operational systems | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.6.1 | Management of technical vulnerabilities | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.6.2 | Restrictions on software installation | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 12.7 | Information systems audit considerations | Objective: To minimise the impact of audit activities on operational systems. | | | | |
| 12.7.1 | Information systems audit controls | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 13 | Communications security | | | | | |
| 13.1 | Network security management | Objective: To ensure the protection of information in networks and its supporting information processing facilities. | | | | |
| 13.1.3 | Segregation in networks | SAMPLE - DETAIL REMOVED | Physical Security, Network Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 13.2 | Information transfer | Objective: To ensure the protection of information in networks and its supporting information processing facilities. | | | | |
| 13.2.2 | Agreements on information transfer | SAMPLE - DETAIL REMOVED | Data Communications | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 13.2.3 | Electronic messaging | SAMPLE - DETAIL REMOVED | Network Security, Data Communications | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 13.2.4 | Confidentiality or non-disclosure agreements | SAMPLE - DETAIL REMOVED | Data Communications | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.1 | Security requirements of information systems | Objective: To ensure that information security is an integral part of information systems across the entire lifecycle. This also includes the requirements for information systems which provide services over public networks. | | | | |
| 14.1.2 | Securing application services on public networks | SAMPLE - DETAIL REMOVED | Network Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.1.3 | Protecting application services transactions | SAMPLE - DETAIL REMOVED | Network Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.2 | Security in development and support processes | Objective: To ensure that information security is designed and implemented within the development lifecycle of information systems. | | | | |
| 14.2.1 | Secure development policy | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.2.2 | System change control procedures | SAMPLE - DETAIL REMOVED | Change Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.2.4 | Restrictions on changes to software packages | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.2.5 | Secure system engineering principles | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.2.6 | Secure development environment | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.2.7 | Outsourced development | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.2.8 | System security testing | SAMPLE - DETAIL REMOVED | Change Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.2.9 | System acceptance testing | SAMPLE - DETAIL REMOVED | Change Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 14.3 | Test data | Objective: To ensure the protection of data used for testing. | | | | |
| 14.3.1 | Protection of test data | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 15 | Supplier Relationships | | | | | |
| 15.1 | Information security in supplier relationships | Objective: To ensure protection of the organisation’s assets that are accessible by suppliers. | | | | |
| 15.1.1 | Information security policy for supplier relationships | SAMPLE - DETAIL REMOVED | Vendor Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 15.1.2 | Addressing security within supplier agreements | SAMPLE - DETAIL REMOVED | Vendor Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 15.1.3 | Information and communication technology supply chain | SAMPLE - DETAIL REMOVED | Vendor Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 15.2 | Supplier service delivery management | Objective: To maintain an agreed level of information security and service delivery in line with supplier agreements. | | | | |
| 15.2.1 | Monitoring and review of supplier services | SAMPLE - DETAIL REMOVED | Vendor Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 15.2.2 | Managing changes to supplier services | SAMPLE - DETAIL REMOVED | Change Management, Vendor Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 16.1.1 | Responsibilities and procedures | SAMPLE - DETAIL REMOVED | Incident Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 16.1.2 | Reporting information security events | SAMPLE - DETAIL REMOVED | Incident Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 16.1.3 | Reporting information security weaknesses | SAMPLE - DETAIL REMOVED | Incident Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 16.1.4 | Assessment of and decision on information security events | SAMPLE - DETAIL REMOVED | Incident Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 16.1.5 | Response to information security incidents | SAMPLE - DETAIL REMOVED | Incident Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 16.1.6 | Learning from information security incidents | SAMPLE - DETAIL REMOVED | Incident Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 16.1.7 | Collection of evidence | SAMPLE - DETAIL REMOVED | Incident Management | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 17.1 | Information security continuity | Objective: Information security continuity should be embedded in the organisation’s business continuity management systems. | | | | |
| 17.1.1 | Planning information security continuity | SAMPLE - DETAIL REMOVED | Environmental Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 17.1.3 | Verify, review and evaluate information security continuity | SAMPLE - DETAIL REMOVED | Environmental Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 17.2.1 | Availability of information processing facilities | SAMPLE - DETAIL REMOVED | Environmental Security | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 18 | Compliance | | | | | |
| 18.1.2 | Intellectual property rights | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 18.1.3 | Protection of records | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 18.1.5 | Regulation of cryptographic controls | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 18.2 | Information security reviews | Objective: To avoid breaches of legal, statutory, regulatory or contractual obligations related to information security and of any security requirements. | | | | |
| 18.2.1 | Independent review of information security | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 18.2.2 | Compliance with security policies and standards | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |
| 18.2.3 | Technical compliance review | SAMPLE - DETAIL REMOVED | | SAMPLE - DETAIL REMOVED | SAMPLE - DETAIL REMOVED | Major Nonconformity |

Compliant 0
Observation 0
Minor Nonconformity 0
Major Nonconformity 114
Not Audited 0